Lucene search
K

15 matches found

Tenable Nessus
Tenable Nessus
added 2026/04/14 12:0 a.m.13 views

Linux Distros Unpatched Vulnerability : CVE-2026-1462

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability in the TFSMLayer class of the keras package, version 3.13.0, allows attacker- controlled TensorFlow SavedModels to be loaded during...

8.8CVSS7.9AI score0.00363EPSS
Exploits1References3
EUVD
EUVD
added 2026/04/13 3:31 p.m.4 views

EUVD-2026-21970

A vulnerability in the TFSMLayer class of the keras package, version 3.13.0, allows attacker-controlled TensorFlow SavedModels to be loaded during deserialization of .keras models, even when safemode=True. This bypasses the security guarantees of safemode and enables arbitrary attacker-controlled...

8.8CVSS7.7AI score0.00363EPSS
Exploits1References3
OSV
OSV
added 2026/04/13 3:31 p.m.4 views

GHSA-4F3F-G24H-FR8M Keras has an untrusted deserialization vulnerability

A vulnerability in the TFSMLayer class of the keras package, version 3.13.0, allows attacker-controlled TensorFlow SavedModels to be loaded during deserialization of .keras models, even when safemode=True. This bypasses the security guarantees of safemode and enables arbitrary attacker-controlled...

8.8CVSS7.7AI score0.00363EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2026/04/13 3:31 p.m.13 views

Keras has an untrusted deserialization vulnerability

A vulnerability in the TFSMLayer class of the keras package, version 3.13.0, allows attacker-controlled TensorFlow SavedModels to be loaded during deserialization of .keras models, even when safemode=True. This bypasses the security guarantees of safemode and enables arbitrary attacker-controlled...

8.8CVSS7.7AI score0.00363EPSS
Exploits1References5Affected Software1
NVD
NVD
added 2026/04/13 3:17 p.m.6 views

CVE-2026-1462

A vulnerability in the TFSMLayer class of the keras package, version 3.13.0, allows attacker-controlled TensorFlow SavedModels to be loaded during deserialization of .keras models, even when safemode=True. This bypasses the security guarantees of safemode and enables arbitrary attacker-controlled...

8.8CVSS0.00363EPSS
Exploits1References7
OSV
OSV
added 2026/04/13 3:17 p.m.10 views

UBUNTU-CVE-2026-1462

A vulnerability in the TFSMLayer class of the keras package, version 3.13.0, allows attacker-controlled TensorFlow SavedModels to be loaded during deserialization of .keras models, even when safemode=True. This bypasses the security guarantees of safemode and enables arbitrary attacker-controlled...

8.8CVSS7.7AI score0.00363EPSS
Exploits1References4
UbuntuCve
UbuntuCve
added 2026/04/13 3:17 p.m.17 views

CVE-2026-1462

A vulnerability in the TFSMLayer class of the keras package, version 3.13.0, allows attacker-controlled TensorFlow SavedModels to be loaded during deserialization of .keras models, even when safemode=True. This bypasses the security guarantees of safemode and enables arbitrary attacker-controlled...

8.8CVSS7.6AI score0.00363EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/04/13 2:55 p.m.32 views

CVE-2026-1462 Safe Mode Bypass in keras-team/keras

A vulnerability in the TFSMLayer class of the keras package, version 3.13.0, allows attacker-controlled TensorFlow SavedModels to be loaded during deserialization of .keras models, even when safemode=True. This bypasses the security guarantees of safemode and enables arbitrary attacker-controlled...

8.8CVSS0.00363EPSS
Exploits1References2
Debian CVE
Debian CVE
added 2026/04/13 2:55 p.m.3 views

CVE-2026-1462

A vulnerability in the TFSMLayer class of the keras package, version 3.13.0, allows attacker-controlled TensorFlow SavedModels to be loaded during deserialization of .keras models, even when safemode=True. This bypasses the security guarantees of safemode and enables arbitrary attacker-controlled...

8.8CVSS8.7AI score0.00363EPSS
Exploits1
Vulnrichment
Vulnrichment
added 2026/04/13 2:55 p.m.11 views

CVE-2026-1462 Safe Mode Bypass in keras-team/keras

A vulnerability in the TFSMLayer class of the keras package, version 3.13.0, allows attacker-controlled TensorFlow SavedModels to be loaded during deserialization of .keras models, even when safemode=True. This bypasses the security guarantees of safemode and enables arbitrary attacker-controlled...

8.8CVSS6.3AI score0.00363EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/04/13 2:55 p.m.4 views

CVE-2026-1462

A vulnerability in the TFSMLayer class of the keras package, version 3.13.0, allows attacker-controlled TensorFlow SavedModels to be loaded during deserialization of .keras models, even when safemode=True. This bypasses the security guarantees of safemode and enables arbitrary attacker-controlled...

8.8CVSS6.3AI score0.00363EPSS
Exploits1References3
CVE
CVE
added 2026/04/13 2:55 p.m.26 views

CVE-2026-1462

The CVE-2026-1462 issue affects the keras package (v3.13.0) via the TFSMLayer deserialization path. The vulnerability allows attacker-controlled TensorFlow SavedModels to be loaded during deserialization of .keras models, even when safe_mode is enabled, due to unconditional loading of external Sa...

8.8CVSS7.7AI score0.00363EPSS
Exploits1References7Affected Software1
OSV
OSV
added 2026/04/13 2:55 p.m.1 views

CVE-2026-1462 Safe Mode Bypass in keras-team/keras

A vulnerability in the TFSMLayer class of the keras package, version 3.13.0, allows attacker-controlled TensorFlow SavedModels to be loaded during deserialization of .keras models, even when safemode=True. This bypasses the security guarantees of safemode and enables arbitrary attacker-controlled...

7.8CVSS7.6AI score0.00363EPSS
Exploits1References9
Positive Technologies
Positive Technologies
added 2026/04/13 12:0 a.m.3 views

PT-2026-32367

Name of the Vulnerable Software and Affected Versions keras version 3.13.0 Description A flaw in the TFSMLayer class allows attacker-controlled TensorFlow SavedModels to be loaded during the deserialization of .keras models. This occurs even when safe mode=True is enabled, bypassing security...

8.8CVSS7.4AI score0.00363EPSS
Exploits1References22
Huntr
Huntr
added 2026/01/06 2:55 p.m.6 views

TFSMLayer bypasses `safe_mode=True`, allowing attacker-controlled code execution during model inference

Summary TFSMLayer allows loading attacker-controlled TensorFlow SavedModels when deserializing a .keras model, even when safemode=True the default. While TensorFlow does not execute SavedModel functions during load, the attacker-controlled graph is registered during deserialization and executes...

8.8CVSS7.8AI score0.00363EPSS
Exploits1
Rows per page
Query Builder